论文信息 - Improving the Security of Your Site by Breaking Into it

Improving the Security of Your Site by Breaking Into it

Every day, all over the world, computer networks and hosts are being broken into. The level of sophistication of these attacks varies widely; while it is generally believed that most break-ins succeed due to weak passwords, there are still a large number of intrusions that use more advanced techniques to break in. Less is known about the latter types of break-ins, because by their very nature they are much harder to detect. CERT. SRI. The Nic. NCSC. RSA. NASA. MIT. Uunet. Berkeley. Purdue. Sun. You name it, we’ve seen it broken into. Anything that is on the Internet (and many that isn’t) seems to be fairly easy game. Are these targets unusual? What happened?

Dan Farmer | Wietse Venema

[1] Udo W. Pooch,et al. A Unix network protocol security study: network information service , 1992, CCRV.

[2] Robert W. Baldwin. Rule Based Analysis of Computer Security , 1987, COMPCON.

[3] K. Thompson. Reflections on trusting trust , 1984, CACM.

[4] Simson L. Garfinkel,et al. Practical UNIX Security , 1991 .

[5] Steven M. Bellovin,et al. Using the Domain Name System for System Break-ins , 1995, USENIX Security Symposium.

[6] Christoph Ludwig Schuba. Addressing Weaknesses in the Domain Name System Protocol , 1993 .

[7] S. M. Bellovin,et al. Security problems in the TCP/IP protocol suite , 1989, CCRV.